📖 Overview
A threat actor is advertising unauthorized access to a Prestashop-based online store in Italy. The listing includes Shell and Adminer access, with reported transaction volumes ranging between 2,000 and 4,700 monthly orders. Such access could allow attackers to manipulate the store, steal customer payment information, or deploy malicious redirects.
📌 Key Details
- Victim Country: Italy
- Industry: E-commerce & Online Stores
- Victim Organization: Unknown
- Victim Site: Unknown
- Threat Actor: kqu
- Network: openweb
- Category: Initial Access
- Severity: Medium
- Access Type: Prestashop platform with Shell and Adminer access
- Traffic Metrics: 38K Ahrefs
- Transaction Volumes:
  - August: 2,096 orders
  - July: 4,751 orders
  - June: 3,893 orders
  - May: 4,719 orders
- Price Structure: Start $1,900 • Step $200 • Blitz $5,000 • PPS 24 hours
🧩 TTPs (MITRE ATT&CK Mapping)
- TA0001 Initial Access: Exploitation of web applications and CMS platforms
- TA0009 Collection: Theft of customer payment data and order records
- T1078 Valid Accounts: Abuse of Shell/Adminer access for persistence
- TA0010 Exfiltration: Extraction of financial and PII data
- TA0040 Impact: Website manipulation, fraud, or malware injection
👤 Threat Actor Profile: kqu
Summary
- Total Matches: 1
- First Seen: 2025-08-27
- Last Seen: 2025-08-27
- Data Start: 2024-10-02
- Countries: Italy
- Industries: E-commerce & Online Stores
📊 Threat Actor Activity
Date | Country | Sector / Industry | Type | Target / Access | Network |
---|---|---|---|---|---|
2025-08-27 | Italy | E-commerce & Online Stores | Initial Access | Compromised Prestashop-based shop access | openweb |
🚨 Potential Risks
Access to a live e-commerce store provides attackers the ability to harvest payment card details, redirect traffic to malicious domains, or alter checkout flows for fraud. It also creates reputational and regulatory risks for the impacted business due to compromised customer trust and potential GDPR violations.
✅ Recommended Security Actions
- Immediately audit Prestashop deployments for unauthorized Shell/Adminer access
- Rotate all administrator credentials and enforce MFA
- Review order logs for anomalies or fraudulent activity
- Monitor for malicious redirects, injected scripts, or altered checkout flows
- Segment database access to limit exposure of payment and PII data
- Conduct forensic analysis to determine how the compromise occurred
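
A starting point for the first action above, the audit for Adminer and shell files, added here as an example and not part of the original report. The marker strings, the list of data directories and the names `audit_webroot` and `demo` are assumptions made for illustration; the sample tree is constructed.

```python
import os
import re
import tempfile

# Assumed heuristics, not from the report: strings present in stock Adminer builds.
ADMINER_MARKERS = (b"adminer.org", b"adminer_object")
# Assumption: PrestaShop data directories hold no PHP except the stock index.php.
DATA_DIRS = ("img", "upload", "download")
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a shop web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not PHP_EXT.search(name):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                head = fh.read(65536).lower()
            if "adminer" in name.lower() or any(m in head for m in ADMINER_MARKERS):
                findings.append((rel, "adminer"))
            elif rel.split("/")[0] in DATA_DIRS and name.lower() != "index.php":
                findings.append((rel, "php-in-data-dir"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        sample = {
            "index.php": b"<?php // storefront front controller",
            "img/index.php": b"<?php header('Location: ../');",
            "img/p/1/cache.php": b"<?php /* constructed stand-in for a dropped script */",
            "modules/tools/db.php": b"<?php /** @link https://www.adminer.org/ */",
        }
        for rel, body in sample.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return audit_webroot(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:16} {rel}")
```

Treat each finding as a lead to review against a clean copy of the same PrestaShop release; a renamed Adminer build with its markers stripped will not match, so file integrity comparison remains the stronger check.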
💡 Final Thoughts
E-commerce platforms continue to be lucrative targets because they handle direct financial transactions and sensitive customer data. Even smaller shops with thousands of monthly orders can be exploited for significant fraud campaigns. Proactive hardening of CMS platforms, coupled with strong monitoring and access controls, is essential to prevent these types of breaches.